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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 

Listing of Claims: 

1. (Currently amended) A cryptographic system In a computer system , 
comprising: 

a database, the database configured to contain sensitive information; 
at least one process; 

two or more master keys of which at least one master key is a most-secure 
master key and requiring a multi-part construction to be exposed, relative to the at 
least one most-secure master key each of the remaining one or more master 
keys is a less-secure master key and requiring construction from fewer parts to 
be exposed, the at least one most-secure master key can be used for detecting 
tampering of any less-secure master key; and 

means for cryptographically linking one or more of the at least one most- 
secure master key with one or more less-secure master keys such that any 
tampering of the one or more less-secure master keys can be detected. 

2. (Currently amended) A cryptographic system as in claim 1, wherein the 
cryptographic linking is performed by creating a message digest of the one or 
more most-secure master keys concatenated with the one or more less-secure 
master keys, and saving the result in a -the database. 

3. (Original) A cryptographic system as in claim 1, wherein the cryptographic 
linking is performed by creating a message digest of the one or more most-secure 
master keys concatenated with a random value and further concatenated with the 
one or more less-secure master keys, and saving the result in a database. 

4. (Original) A cryptographic system as in claim 3, wherein the random value 
is a Salt. 
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5. (Original) A cryptographic system as in claim 1 , wherein for each of the 
one or more most-secure master keys the cryptographic linking is performed by 
using that most-secure master key as a symmetric encryption key, to compute a 
symmetric message authentication code, and retaining some or all of the result. 

6. (Original) A cryptographic system as in claim 1 , wherein for each of the 
one or more most-secure master keys the cryptographic linking is performed to 
produce an 8-byte result by using that most-secure master key as a symmetric 
encryption key, to compute a symmetric message authentication code, and 
retaining a 4-byte portion of the result. 

7. (Original) A cryptographic system as in claim 6, wherein the symmetric 
message authentication code is computed using cipher-block chaining (CBC) 
method of any symmetric encryption algorithm. 

8. (Original) A cryptographic system as in claim 7, wherein the CBC is 
performed using a random number as an initialization vector, and wherein the 
initialization vector is saved along with the result. 

9. (Original) A cryptographic system as in claim 1, wherein the two or more 
master keys are kept In non-swappable physical memory. 

10. (Original) A cryptographic system as in claim 9, wherein the non- 
swappable physical memory is protected. 

11. (Original) A cryptographic system as in claim 1, wherein the two or more 
master keys are kept in virtual memory. 

12. (Original) A cryptographic system as in claim 1 f wherein, respectively, the 
at least one most-secure master key and the one or more less-secure master 
keys, include a protection key and an integrity key, the protection key protecting 
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. access to sensitive information and the integrity key ensuring the integrity of the 
sensitive information. 

13. (Cancelled). 

14. (Original) A cryptographic system as in claim 1, wherein the sensitive 
information can be a public key. 

15. (Original) A cryptographic system as in claim 1, wherein the means for 
cryptographically linking is a key repository process for enforcing enterprise 
policies and policy decisions. 

16. (Currently amended) A method for linking multiple cryptographic keys, 
comprising: 

providing a computer system: 

instantiating at least one process on the computer system : 
providing two or more master keys of which at least one master key is a 
most-secure master key and requiring a multi-part construction to be exposed, 
relative to the at least one most-secure master key each of the remaining one or 
more master keys is a less-secure master key and requiring construction from 
fewer parts to be exposed, the at least one most-secure master key can be used 
for detecting tampering of any less-secure master key; and 

instantiating a key repository process that validates and records 
authorizations to access the two or more master keys, the key repository process 
cryptographically linking one or more of the at least one most-secure master key 
with one or more less-secure master keys such that any tampering of the one or 
more less-secure master keys can be detected. 

17. (Original) A method as in claim 16, wherein the cryptographic linking is 
performed by creating a message digest of the one or more most-secure master 
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keys concatenated with the one or more less-secure master keys, and saving the 
result in a database. 

18. (Original) A method as in claim 16, wherein the cryptographic linking is 
performed by creating a message digest of the one or more most-secure master 
keys concatenated with a random value and further concatenated with the one or 
more less-secure master keys, and saving the result in a database. 

19. (Original) A method as in claim 16, wherein the random value is a Salt. 

20. (Original) A method as in claim 16, wherein for each of the one or more 
most-secure master keys the cryptographic linking is performed by using that 
most-secure master key as a symmetric encryption key, to compute a symmetric 
message authentication code, and retaining some or all of the result. 

21. (Original) A method as in claim 16, wherein for each of the one or more 
most-secure master keys the cryptographic linking is performed to produce an 8- 
byte result by using that most-secure master key as a symmetric encryption key, 
to compute a symmetric message authentication code, and retaining a 4-byte 
portion of the result 

22. (Original) A method as in claim 16, wherein the symmetric message 
authentication code is computed using cipher-block chaining (CBC) method of 
any symmetric encryption algorithm. 

23. (Original) A method as in claim 16, wherein the CBC is performed using a 
random number as an initialization vector, and wherein the initialization vector is 
saved along with the result. 

24. (Original) A method as in claim 16, wherein the two or more master keys 
are kept in non-swappable physical memory. 
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25. (Original) A method as in claim 23, wherein the non-swappable physical 
memory is protected. 

26. (Original) A method as in claim 16, wherein the two or more master keys 
are kept in virtual memory. 

27. (Original) A method as in claim 16, wherein, respectively, the at least one 
most-secure master key and the one or more less-secure master keys, include a 
protection key and an integrity key, the protection key protecting access to 
sensitive information and the Integrity key ensuring the integrity of the sensitive 
information. 

28. (Cancelled). 

29. (Original) A method as in claim 16, wherein the sensitive information can 
be a public key. 
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